Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
AWS
Loading resources...

Resource Type: AWS > RDS > DB Instance

The DB Instance resource type is a database instance that can be created and managed on the AWS platform. It provides a scalable and secure environment for running and managing databases in the cloud.

Resource Context

DB Instance is a part of the RDS service.

Each DB Instance lives under a Region.

Controls

The primary controls for AWS > RDS > DB Instance are:

  • Active
  • Allowed
  • Approved
  • Auto Minor Version Upgrade
  • Backup Retention Period
  • CMDB
  • Configured
  • Copy Tags to Snapshot
  • Deletion Protection
  • Discovery
  • Intelligent Assessment
  • Logs Export Configuration
  • Multi-AZ
  • Parameter Group
  • Performance Insights
  • Publicly Accessible
  • Schedule
  • ServiceNow
  • Tags
  • Usage

It is also targeted by these controls:

  • AWS > CIS v1.4 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption is enabled for RDS Instances (Automated)
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v4.0 > 2 - Storage > 2.02 - Relational Database Service (RDS) > 2.02.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v4.0 > 2 - Storage > 2.02 - Relational Database Service (RDS) > 2.02.02 - Ensure the Auto Minor Version Upgrade feature is enabled for RDS instances
  • AWS > CIS v4.0 > 2 - Storage > 2.02 - Relational Database Service (RDS) > 2.02.03 - Ensure that RDS instances are not publicly accessible
  • AWS > CIS v4.0 > 2 - Storage > 2.02 - Relational Database Service (RDS) > 2.02.04 - Ensure Multi-AZ deployments are used for enhanced availability in Amazon RDS
  • AWS > CIS v5.0 > 2 - Storage > 2.02 - Relational Database Service (RDS) > 2.02.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v5.0 > 2 - Storage > 2.02 - Relational Database Service (RDS) > 2.02.02 - Ensure the Auto Minor Version Upgrade feature is enabled for RDS instances
  • AWS > CIS v5.0 > 2 - Storage > 2.02 - Relational Database Service (RDS) > 2.02.03 - Ensure that RDS instances are not publicly accessible
  • AWS > CIS v5.0 > 2 - Storage > 2.02 - Relational Database Service (RDS) > 2.02.04 - Ensure Multi-AZ deployments are used for enhanced availability in Amazon RDS
  • AWS > CIS v6.0 > 3 - Storage > 3.02 - Relational Database Service (RDS) > 3.02.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v6.0 > 3 - Storage > 3.02 - Relational Database Service (RDS) > 3.02.02 - Ensure the Auto Minor Version Upgrade feature is enabled for RDS instances
  • AWS > CIS v6.0 > 3 - Storage > 3.02 - Relational Database Service (RDS) > 3.02.03 - Ensure that RDS instances are not publicly accessible
  • AWS > CIS v6.0 > 3 - Storage > 3.02 - Relational Database Service (RDS) > 3.02.04 - Ensure Multi-AZ deployments are used for enhanced availability in Amazon RDS
  • AWS > HIPAA > RDS > Database logging should be enabled
  • AWS > HIPAA > RDS > RDS DB instance backup should be enabled
  • AWS > HIPAA > RDS > RDS DB instance encryption at rest should be enabled
  • AWS > HIPAA > RDS > RDS DB instance multiple az should be enabled
  • AWS > HIPAA > RDS > RDS DB instance should be protected by backup plan
  • AWS > HIPAA > RDS > RDS DB instances should be in a backup plan
  • AWS > HIPAA > RDS > RDS DB instances should prohibit public access
  • AWS > NIST 800-53 > RDS > Database logging should be enabled
  • AWS > NIST 800-53 > RDS > RDS DB instance and cluster enhanced monitoring should be enabled
  • AWS > NIST 800-53 > RDS > RDS DB instance backup should be enabled
  • AWS > NIST 800-53 > RDS > RDS DB instance encryption at rest should be enabled
  • AWS > NIST 800-53 > RDS > RDS DB instance multiple az should be enabled
  • AWS > NIST 800-53 > RDS > RDS DB instances should be in a backup plan
  • AWS > NIST 800-53 > RDS > RDS DB instances should have deletion protection enabled
  • AWS > NIST 800-53 > RDS > RDS DB instances should prohibit public access
  • AWS > PCI v3.2.1 > RDS > 2 RDS DB Instances should prohibit public access

Quick Actions

  • DB Instance Reboot
  • Delete
  • Disable Auto Minor Versions Upgrade
  • Disable Copy Tags To Snapshot
  • Disable Deletion Protection
  • Disable Multi AZ
  • Disable Public Accessibility
  • Enable Auto Minor Versions Upgrade
  • Enable Copy Tags To Snapshot
  • Enable Deletion Protection
  • Enable Multi AZ
  • Reboot DB Instance
  • Router
  • Set Tags
  • Skip alarm for Active control
  • Skip alarm for Active control [90 days]
  • Skip alarm for Approved control
  • Skip alarm for Approved control [90 days]
  • Skip alarm for Tags control
  • Skip alarm for Tags control [90 days]
  • Snapshot and delete from AWS
  • Snapshot and delete instance
  • Snapshot and stop instance
  • Start
  • Start DB Instance
  • Stop
  • Stop DB Instance
  • Update Auto Minor Version Upgrade
  • Update Backup Retention Period
  • Update Copy Tags to Snapshot
  • Update Deletion Protection
  • Update Logs Export Configuration
  • Update Multi-AZ
  • Update Parameter Group
  • Update Performance Insights
  • Update Tags

Category

  • Database

In Your Workspace

  • Controls by Resource Type report
  • Policy Settings by Resource Type report
  • Resources by Resource Type report

Developers

    Resource Type URI
    • tmod:@turbot/aws-rds#/resource/types/dbInstance
    • Category URI
    • tmod:@turbot/turbot#/resource/categories/database
    • GraphQL
    • query resource(id: "tmod:@turbot/aws-rds#/resource/types/dbInstance") { … }
    • query resourceActivities(filter: "resourceId:'tmod:@turbot/aws-rds#/resource/types/dbInstance'") { … }
    • mutation createResource(input: { … })
    • mutation updateResource(input: { … })
    • CLI
    • Get Resource
    • turbot graphql resource --id "tmod:@turbot/aws-rds#/resource/types/dbInstance"
    • Steampipe Query
    • Get Resource
    • select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-rds#/resource/types/dbInstance';
      • Get Policy Settings (By Resource ID)
    • select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-rds#/resource/types/dbInstance"';
      • Get Resource Notification
    • select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-rds#/resource/types/dbInstance' and notification_type in ('resource_updated', 'resource_created');
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
182
Mods
520
Resource Types
9,010
Policies
3,503
Controls
1,927
Quick Actions
547
IAM